Security Executive Blog: dcsa

Showing posts with label dcsa. Show all posts

Thursday, March 5, 2020

Questions for SPeD, ISOC and ISP Certification

Get your copy @ www.redbikepublishing.com

These NISPOM based questions could be helpful in passing the NCMS ISP Certification and the DoD's SPeD Certification exams including the most recent Industrial Security Oversight Certification (ISOC).

Taking practice tests is a great way to prepare for an exam. Successful students in grade school and college study using guides and exam preparation questions based on the test subject material. This same successful methodology can also help prepare for professional exams like ISP Certification and SPeD Certification.

Practice tests augment certification exam preparation. Red Bike Publishing's Unofficial Study Guide features four complete test length practice exams based on NISPOM.

We've updated our manual for NISPOM Change 2.

The dispatching company security officer must provide the receiving security officer with _____ advance notice of the couriers expected date and time of arrival.

a. 48 hours

b. 72 hours

c. 24 hours

d. 12 hours

e. 86 hours

When completing the Request for Visit, the anticipated level of classified information involved include all the following EXCEPT:

a. TOP SECRET

b. SECRET

c. REGISTERED

d. RESTRICTED

e. UNCLASSIFIED

Which of the following are considered a CSA?

a. Department of Defense

b. Central Intelligence Agency

c. Department of Energy

d. The Nuclear Regulatory Commission

e. All the above

Scroll for answer:

The dispatching company security officer must provide the receiving security officer with _____ advance notice of the couriers expected date and time of arrival.

a. 48 hours

b. 72 hours

c. 24 hours (NISPOM 5-408d)

d. 12 hours

e. 86 hours

When completing the Request for Visit, the anticipated level of classified information involved include all the following EXCEPT:

a. TOP SECRET

b. SECRET

c. REGISTERED (NISPOM Appendix B4)

d. RESTRICTED

e. UNCLASSIFIED

Which of the following are considered a CSA?

a. Department of Defense

b. Central Intelligence Agency

c. Department of Energy

d. The Nuclear Regulatory Commission

e. All the above (NISPOM 1-104a)

So, how did you do? These questions and more can be found in Red Bike Publishing's Unofficial Guide to ISP Certification,
DoD Security Clearance and Contracts Guidebook, as well as in NISPOM Training. Both resources provide excellent study material that may help with passing the ISP and SPeD certification exams.

According to reader comments and emails to the author, many who have bought this book used our techniques to augment their preparation have performed very well on certification exams.

Check out our newest resource, on line testing. Simulates testing environments for the ISOC and ISP.

For practice purposes, download the electronic version of the NISPOM and use it to help search the answers to the provided test questions. Use a timer to count down 120 minutes for each practice exam.
Register for the exam here: https://www.classmarker.com/online-test/start/?quiz=jdm5dbdb6cb9c613

You can find additional certification training and resources at http://www.redbikepublishing.com/ispcertification/

NISPOM link

https://www.esd.whs.mil/portals/54/documents/dd/issuances/dodm/522022m.pdf

Just select the “edit” tab and then “find”. Then type the key word or phrase from the test question to help find the answers.

Sample screen shot:

Consider visiting Red Bike Publishing for training that you can download and present to cleared employees as well as present to DSS during the annual review.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".
--> --> Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".

Saturday, January 4, 2020

NISPOM, ISP and ISOC Study Questions

Get your copy @ www.redbikepublishing.com

Taking practice tests is a great way to prepare for an exam. Successful students in grade school and college study using guides and exam preparation questions based on the test subject material. This same successful methodology can also help prepare for professional exams like ISP Certification and SPeD Certification.

Practice tests augment certification exam preparation. Red Bike Publishing's Unofficial Study Guide features four complete test length practice exams based on NISPOM.

We've updated our manual for NISPOM Change 2.

1. TOP SECRET information can be transmitted by which of the following methods within the U.S. and its territories?

a. Defense Courier Service, if authorized by GCA

b. A courier cleared at the SECRET level

c. By electrical means over FSO approved secured communication devices

d. By government vehicle

e. By U.S. Postal Service Registered Mail

2. SECRET information can be transmitted by which of the following means?

a. Registered mail

b. Cleared commercial carrier

c. As designated in writing by GCA

d. Commercial company approved by CSA

e. All the above

3. Contractors who designate cleared employees as couriers shall ensure all EXCEPT:

a. They are briefed on responsibilities to safeguard classified information

b. They possess a card with the company name, name of individual and picture ID

c. They possess authorization to store classified in hotel safe

d. Classified material is inventoried prior to deliver

e. Classified material inventory transported with material

Scroll Down For Answers

1. TOP SECRET information can be transmitted by which of the following methods within the U.S. and its territories?

a. Defense Courier Service, if authorized by GCA (NISPOM 5-402)

b. A courier cleared at the SECRET level

c. By electrical means over FSO approved secured communication devices

d. By government vehicle

e. By U.S. Postal Service Registered Mail

2. SECRET information can be transmitted by which of the following means?

a. Registered mail

b. Cleared commercial carrier

c. As designated in writing by GCA

d. Commercial company approved by CSA

e. All the above (NISPOM 5-403)

3. Contractors who designate cleared employees as couriers shall ensure all EXCEPT:

a. They are briefed on responsibilities to safeguard classified information

b. They possess a card with the company name, name of individual and picture ID

c. They possess authorization to store classified in hotel safe (NISPOM 5-410)

d. Classified material is inventoried prior to deliver

e. Classified material inventory transported with material

So, how did you do? These questions and more can be found in Red Bike Publishing's Unofficial Guide to ISP Certification,
DoD Security Clearance and Contracts Guidebook, as well as in NISPOM Training. Both resources provide excellent study material that may help with passing the ISP and SPeD certification exams.

According to reader comments and emails to the author, many who have bought this book used our techniques to augment their preparation have performed very well on certification exams.

Just select the “edit” tab and then “find”. Then type the key word or phrase from the test question to help find the answers.

Sample screen shot:

-->

Saturday, November 2, 2019

New Resource for NISPOM testing

Red Bike Publishing is excited about adding a new resource to assistant you with your NISPOM studies. It's an online test of 110 random NISPOM questions with a 2 hour time limit. Though this is not guaranteed to give you a passing grade, this can be used as a practice test for the ISP Certification or the ISOC certification exam.

Just visit the link and sign up for the online exam. All you need is to register for the practice test and have a pdf copy of NISPOM available and you are ready to go.

The practice exam has 110 multiple choice NISPOM questions and is timed for 120 minutes. You can take it up to 20 times in a six month period as you study for the actual exam day. Each time you test, the questions and answers will appear in random order. Give it a try.

For practice purposes, download the electronic version of the NISPOM and use it to help search the answers to the provided test questions. Use a timer to count down 120 minutes for each practice exam.
Register for the exam here: https://www.classmarker.com/online-test/start/?quiz=jdm5dbdb6cb9c613

You can find additional certification training and resources at http://www.redbikepublishing.com/ispcertification/

NISPOM link

https://www.esd.whs.mil/portals/54/documents/dd/issuances/dodm/522022m.pdf

Just select the “edit” tab and then “find”. Then type the key word or phrase from the test question to help find the answers.

Sample screen shot:

Monday, September 2, 2019

NISPOM Based Certification Questions

Get your copy @ www.redbikepublishing.com

1.    Concerning a government contractor monitoring station with a response team cleared at the SECRET level, how many guards are required to respond to an alarm?
a.           At least two when at least one guard is cleared
b.           The amount sufficient to immediately investigate each alarm 
c.            At least five when at least one guard is cleared
d.           At least four when at least one guard is cleared
e.            At least three when at least one guard is cleared

2.    Who determines need to know at classified meetings?
a.           GCA

b.           Contract monitor

c.            Individual disclosing information 

d.           Visiting individuals

e.            FSA


3.    FSO’s may approve Automated Access Control Systems that meet the following standard(s):
a.           Chances of unauthorized access are no more than one in ten thousand
b.           Chances of authorized persons being rejected no more than one in five hundred
c.            Chances of authorized persons being rejected no more than one in one thousand
d.           A and c 
e.            None of the above

Scroll Down For Answers

1.    Concerning a government contractor monitoring station with a response team cleared at the SECRET level, how many guards are required to respond to an alarm? 

a.           At least two when at least one guard is cleared

b.           The amount sufficient to immediately investigate  each alarm (NISPOM 5-903)

c.            At least five when at least one guard is cleared

d.           At least four when at least one guard is cleared

e.            At least three when at least one guard is cleared

2.    Who determines need to know at classified meetings?

a.           GCA

b.           Contract monitor

c.            Individual disclosing information (NISPOM 6-102)

d.           Visiting individuals

e.            CSA

3.    FSO’s may approve Automated Access Control
Systems that meet the following standard(s):

a.        Chances of unauthorized access are no more than one in ten thousand

b.         Chances of authorized persons being rejected no more than one in five hundred

c.            Chances of authorized persons being rejected no more than one in one thousand

d.           A and c (NISPOM 5-313)

e.            None of the above

Consider visiting Red Bike Publishing for training that you can download and present to cleared employees as well as present to DSS during the annual review.

Gather, integrate, and report insider threat information

This article addresses the NISPOM based Insider Threat Program (ITP) compliance requirements and is inspired by questions from the Self Inspection Handbook for NISP Contractors. The article uses the handbook’s format to through the self-inspection criteria. We begin the topic question, the NISPOM reference, an explanation of requirements, and finally how to inspect compliance.

Topic Question(s):

Does your program include a capability to gather, integrate, and report relevant and credible information, which falls into one of the 13 adjudicative guidelines indicative of a potential or actual insider threat?

EVIDENCE: Explain process to gather and integrate data and provide procedures

VALIDATION:

NISPOM Reference(s):

1-202a

a. The contractor will establish and maintain an insider threat program that will gather, integrate, and report relevant and available information indicative of a potential or actual insider threat, consistent with E.O. 13587 (reference (ac)) and the National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs (reference (ad)), as required by the appropriate CSA.

One might ask the question of what is reportable as far as insider threat indicators. Aside from actually catching a culprit redhandedly sabotaging company resources or stealing government secrets, the employee is asked to report suspicious but credible observations. The Facility Security Officer (FSO) of the cleared defense contractor organization should develop a methodology for reporting insider threat behavior and training on how to recognize the behavior and then report it.

To do so, there is an existing methodology that leverages a current requirement. The “go to” for a resource for standardized process or policy of relevant and credible information is to follow the 13 Adjudicative Guidelines. Any one of these guidelines can serve as indicators of authorized employees with malicious intent.

A review of the available 13 Adjudicative Guidelines can provide data points for a risk manager to build upon. The guideline topics and a simple description of each topic are provided so that behaviors can be identified and if credible, reported to Insider Threat Program Senior Official.

Employees can be trained to observe certain behavior and recognize them as triggers for whether or not to report. When an employee observes credible high risk behavior they should understand who to and how to report it.

Her the 13 Adjudicative Guidelines that should be employed to recognize reportable behavior.

Guideline A: Allegiance to the U.S.

A cleared employee should demonstrate unquestionable allegiance to the United States. Any behavior or other indications of involvement in, training to commit, support of, or advocacy of any activity that demonstrates loyalty to other countries should be reported. Examples of behavior could include questionable internet searches, club memberships, or charitable donations to organizations with allegiance to other countries that would bring demise on the United States.

Guideline B: Foreign Influence Foreign contacts and interests may be a security concern if a cleared employee demonstrates divided loyalties or foreign financial interests. The concern is they may be influenced to help a foreign person, group, organization, or government in a way that is not in the U.S. interests. The cleared employee could also be vulnerable to pressure or coercion by any foreign interest.

Guideline C: Foreign Preference

Here the cleared employee could be demonstrating behavior that could serve the interests of a foreign person, group, organization, or government that is in conflict with the national security interest.

Guideline D: Sexual Behavior

A cleared employee could be engaged in sexual behavior that involves a criminal offense. Or the behavior could indicate a personality or emotional disorder, reflects lack of judgment or discretion, or which may subject the individual to undue influence or coercion, exploitation, or duress. If in violation of Guideline D, the behavior could raise questions about an individual's reliability, trustworthiness and ability to protect classified information.

Guideline E: Personal Conduct

This is a catch all behavior. Cleared employees demonstrating any personal conduct or concealing information about their conduct. Such behavior creates a vulnerability to exploitation, manipulation, or duress.

Guideline F: Financial Considerations

A cleared employee who is financially overextended could be at risk of having to engage in questionable behavior to improve their situation. This behavior could reflect the other Guidelines.

Guideline G: Alcohol Consumption (

This is one of the more obvious and easier to recognize in most situations. Alcohol-related incidents at work, such as reporting for work or duty in an intoxicated or impaired condition or drinking on the job.

Guideline H: Drug Involvement

The use of illegal drugs or misuse of prescription drugs can raise questions about an individual’s reliability and trustworthiness, both because drug use may impair judgment and because it raises questions about an individual’s willingness to comply with laws, rules, and regulations.

Guideline I: Psychological Conditions

Certain emotional, mental, and personality conditions can impair judgment, reliability, or trustworthiness.

Guideline J: Criminal Conduct

Criminal activity creates doubt about a person’s judgment, reliability, and trustworthiness and calls into question a person’s ability or willingness to comply with laws, rules, and regulations.

Guideline K: Handling Protected Information

This can be accidental, repetitive, as well as malicious. Any situation where a cleared employee mishandles classified information should be addressed per the investigative findings. Forgetful employees can be trained, but problem employees demonstrating repetitive offenses may lose their clearances. Insider threats with malicious intents could be reported to law enforcement.

This behavior can be demonstrated through a long list of NISPOM or ITAR violations such as loading, drafting, editing, modifying, storing, transmitting, or otherwise handling classified reports, data, or other information.

Guideline L: Outside Activities

Any foreign, domestic, or international organization or person engaged in analysis, discussion, or publication of material on intelligence, defense, foreign affairs, or protected technology organization that analyzes, discusses, or publishes material. This can be held in close regard with Guidelines A and B as well as others, depending on motivation.

Guideline M: Use of Information Technology

Cleared employees should handle classified information appropriately and Guideline K demonstrates activity that violates of NISPOM guidance. Here, use of any classified or unclassified information technology system to gain unauthorized access to information or a system. This includes hacking into servers, emails, networks or computers.

The next step is to develop a method of investigating and reporting the behavior. One scenario is that an employee reports suspicious activity to the FSO per earlier NISPOM guidance. The FSO could receive the report and begin an inquiry based on NISPOM requirements. However, with recent NISPOM updates the FSO can now engage the Insider Threat Team as part of that inquiry. Credible violations of the Guidelines can at the very least result in addressing the protection of classified information or be raised to another level of addressing potential insider threat issues.

Ideas to demonstrate compliance:

Develop a reporting process for receiving credible reports of suspicious behavior

Document reports and investigations

Document results of investigations

Create and deliver training to employees

Document training

Sponsor us.

We offer advertising space on our Podcast, newsletter, website and blog, for $700.00 per year. Our products are targeted directly to your market; only those who are providing defense industry security subscribe to our newsletter.

Effective advertising positions your company for success. You’ll get:

Advertisement on our sites marketing exclusively to defense contractors

Announcement in Podcast http://dodsecure.buzzsprout.com and on podcast page. Podcasts are available on Apple, Amazon, Buzzsprout and more.

Linked banner @ http://www.dodsecurity.blogspot.com/

Linked banner in sponsor section of home page https://www.redbikepublishing.com/sponsors/

Linked banner in monthly email newsletter dedicated to training cleared contractors on protecting classified information.

Consider allowing us to provide a 1000 word article about your product to feature on our blog and newsletter for $500.00

If you would like more information, please contact us editor@redbikepublishing.com

Here is a wrap up of what we were able to do in 2020

We've outsourced a few tasks to provide better customer service. To provide better content for our security professional customers, we've funded the following efforts just for our newsletter and Podcast considerations:

• Upgraded email functionality for better newsletter distribution

• Upgraded website content

• Purchased high quality microphones and mixers for podcasts

• Purchased high quality cameras for YouTube videos and course content

• Upgraded to video conference capability with paid subscriptions

• Purchased software packages for better formatting

• Attended Podcast 2020 and brought back some tremendous lessons learned

• and much more.

We’ve completed the following milestones this year:

• 25% more newsletter subscribers with your services listed.

• Provided referrals to sponsors

• Released 36 articles in more than 24 newsletter editions

• Over 40 blog posts with thousands of visitors with your services listed

• Interviewed multiple people to provide over 20 podcast episodes. We've reached over 2000 downloads, which is huge considering our small niche. I hope you've had a chance to listen to Ray DICE Man Semko. Getting him on podcast was a huge success.

You will also be able to provide any articles, white papers or messages personalized to our audience. We could also include you or other employees in some strategic podcasts as well. Always looking for great guests.

Pages

Thursday, March 5, 2020

Questions for SPeD, ISOC and ISP Certification

Saturday, January 4, 2020

NISPOM, ISP and ISOC Study Questions

Saturday, November 2, 2019

New Resource for NISPOM testing

Monday, September 2, 2019

NISPOM Based Certification Questions

Gather, integrate, and report insider threat information